class UsersController < ApplicationController
  # GET /users
  # GET /users.xml
  def index
    if authorize
      @users = User.search(params[:search], params[:page])
      
      respond_to do |format|
        format.html # index.html.erb
        format.xml  { render :xml => @users }
      end
    end
  end
  
  # GET /users/1
  # GET /users/1.xml
  def show
    if authorize
      @user = User.find(params[:id])
      
      respond_to do |format|
        format.html # show.html.erb
        format.xml  { render :xml => @user }
      end
    end
  end
  
  # GET /users/new
  # GET /users/new.xml
  def new
    if authorize
      @user = User.new
      
      respond_to do |format|
        format.html # new.html.erb
        format.xml  { render :xml => @user }
      end
    end
  end
  
  def block
    if authorize
      @user = User.find(params[:user])
      respond_to do |format|
        if(@user.user_status_id == 2)
          if(@user.update_attribute(:user_status_id, 1))
            flash[:notice] = "User #{@user.first_name} was successfully Blocked."
            format.html { redirect_to(:action=>:index) }
          end
        else
          if(@user.update_attribute(:user_status_id, 2))
            flash[:notice] = "User #{@user.first_name} was successfully Unblocked."
            format.html { redirect_to(:action=>:index) }
          end
        end       
      end
    end
  end
  # GET /users/1/edit
  def edit
    if authorize
      @user = User.find(params[:id])
    end
  end
  
  # POST /users
  # POST /users.xml
  def create2
    @user = User.new(params[:user])
    
    respond_to do |format|
      if @user.save
        flash[:notice] = 'User #{@User.first_name} was successfully created.'
        format.html { redirect_to(:action=>:index) }
        format.xml  { render :xml => @user, :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end
  
  # PUT /users/1
  # PUT /users/1.xml
  def update
    if authorize
      @user = User.find(params[:id])
      
      respond_to do |format|
        if @user.update_attributes(params[:user])
          flash[:notice] = 'User #{@User.first_name} was successfully created.'
          format.html { redirect_to(:action=>:index) }
          format.xml  { head :ok }
        else
          format.html { render :action => "edit" }
          format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
        end
      end
    end
  end
  
  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    if authorize
      @user = User.find(params[:id])
      @user.destroy
      
      respond_to do |format|
        format.html { redirect_to(users_url) }
        format.xml  { head :ok }
      end
    end
  end
  protected
  def authorize
    unless session[:user_id]
      flash[:notice] = "<div class='invisible'>Por favor identifiquese<div>"
      redirect_to :controller => 'admin', :action => 'login', :class => 'nyroModal', :rev=>'gal'
    else
      user = User.find(session[:user_id])
      if user.user_tipe_id == 1
        return true        
      else
        flash[:notice] = "<div class='invisible'>Por favor identifiquese<div>"
        redirect_to :controller => 'admin', :action => 'login', :class => 'nyroModal', :rev=>'gal'
      end
    end
  end
end
